CVE-2010-1929: Buffer Overflow
First published: Mon Jun 28 2010(Updated: )
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Novell iManager | =2.7.3-ftf2 | |
| Novell iManager | =2.7.3 | |
| Novell iManager | =2.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/40281
- http://www.securityfocus.com/bid/40480
- http://securitytracker.com/id?1024152
- http://www.osvdb.org/65737
- http://www.vupen.com/english/advisories/2010/1575
- http://www.exploit-db.com/exploits/14010
- http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59694
- http://www.securityfocus.com/archive/1/511983/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/novell
- canonical/novell imanager
- version/novell imanager/2.7.3-ftf2
- version/novell imanager/2.7.3
- version/novell imanager/2.7.0